Hello,
First of all, I apologize for my English. I'm not a guru, but this may help.
I used the definitions from Dr. Stephen Henson, which I found on the web.
Using those definitions, we developed a C++ library to handle
management, verification and delegation of ACs.
With the code I have attached, just this code should work (at least, so far
we haven't found problems opening ACs):
/*
 * Read one PEM-encoded attribute certificate through the PEM_read_X509AC
 * macro from the attached support header. `fp` is presumably a FILE * the
 * caller has already opened; confirm against the calling code.
 *
 * The underlying PEM_ASN1_read() returns NULL when the input cannot be read
 * or decoded, so `ac` must be checked before it is dereferenced. A non-NULL
 * result only means the structure decoded: the signature, issuer and validity
 * period have not been checked at this point.
 */
X509AC *ac;
ac = PEM_read_X509AC(fp, NULL, NULL, NULL);
Define these macros for other ways to open the ACs:
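/*
 * Decode a DER-encoded attribute certificate from a BIO.
 *
 * bp      BIO to read from.
 * x509AC  optional X509AC ** passed through to ASN1_d2i_bio(), or NULL.
 *
 * Evaluates to the decoded X509AC *, or NULL on failure; callers must check
 * the result. Decoding does not verify the certificate's signature.
 *
 * Every line but the last ends in a backslash: as mailed, the first line was
 * wrapped without one, which cut the macro definition in half.
 */
#define d2i_X509AC_bio(bp,x509AC) (X509AC *)ASN1_d2i_bio( \
    (char *(*)())X509AC_new, \
    (char *(*)())d2i_X509AC, (bp), (unsigned char **)(x509AC))

/*
 * Read a PEM-encoded attribute certificate from a BIO.
 *
 * bp  BIO to read from.
 * x   optional X509AC ** passed through to PEM_ASN1_read_bio(), or NULL.
 * cb  pass-phrase callback, or NULL.
 * u   argument passed through to the callback.
 *
 * Requires PEM_STRING_X509AC (defined in the attached support header) to be
 * visible where the macro is used. Evaluates to the decoded X509AC *, or NULL
 * on failure. Arguments are parenthesized so that expressions can be passed
 * safely.
 */
#define PEM_read_bio_X509AC(bp,x,cb,u) (X509AC *)PEM_ASN1_read_bio( \
    (char *(*)())d2i_X509AC, PEM_STRING_X509AC, (bp), (char **)(x), (cb), (u))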
Dani
*´¯`*.¸¸.*´¯`*.¸¸.*´¯`*.¸¸.*´¯`*.¸¸.*´¯`*.¸¸
___________________________________________
Daniel Díaz Sánchez /Univ.Carlos III
Investigador /Depto.Ing. Telematica
[EMAIL PROTECTED] /Edif.Torres Quevedo
www.it.uc3m.es/dds <outbind://54/www.it.uc3m.es/dds> /Avd.dela
universidad,30
Tlf: 916248816/Leganes,Madrid, 28911
____________________________________________
`*.¸¸.*´¯`*.¸¸.*´¯`*.¸¸.*´¯`*.¸¸.*´¯`*.¸¸.*´
________________________________
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
En nombre de Hashim Saleem
Enviado el: jueves, 08 de septiembre de 2005 17:29
Para: [email protected]
Asunto: Problem while parsing attribute certificate.
Hi all,
I have tried to parse an attribute certificate by writing the attribute
certificate ASN.1 structures myself, after learning that OpenSSL does not yet
support attribute certificates. I am getting an error right at the beginning,
in d2i_X509AC(). It fails with the error message "Wrong Tag". It
appears to me that I have made a mistake in my attribute certificate ASN.1
structure declarations. I am attaching the source files along with the
attribute certificate. OpenSSL gurus, please help with this.
Regards,
Hashim Saleem
/* Written by Dr Stephen N Henson ([EMAIL PROTECTED]) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* ([EMAIL PROTECTED]). This product includes software written by Tim
* Hudson ([EMAIL PROTECTED]).
*
*/
/* Prototype attribute certificate code */
/* WARNING WARNING WARNING: this module is highly experimental and subject
* to change. Use entirely at your own risk.
*/
#ifndef _x509ac_h_
#define _x509ac_h_
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/asn1t.h>
#ifdef __cplusplus
extern "C"
{
#endif
/*
 * Digest-based reference to an object. Filled in by the ASN.1 template of the
 * same name in the accompanying .c file, which treats every member except
 * `othertype` as mandatory.
 */
typedef struct X509AC_OBJECT_DIGESTINFO_st {
ASN1_ENUMERATED *type; /* ENUMERATED selector for what was digested */
ASN1_OBJECT *othertype; /* optional OID; NULL when absent from the encoding */
X509_ALGOR *algor; /* algorithm identifier for the digest */
ASN1_BIT_STRING *digest; /* digest value */
} X509AC_OBJECT_DIGESTINFO;
/*
 * Reference to a public-key certificate by issuer name(s) and serial number.
 * Per the matching ASN.1 template, `issuer` and `serial` are mandatory and
 * `issuerUniqueID` is optional.
 */
typedef struct X509AC_ISSUER_SERIAL_st {
GENERAL_NAMES *issuer; /* issuer of the referenced certificate */
ASN1_INTEGER *serial; /* serial number of the referenced certificate */
ASN1_BIT_STRING *issuerUniqueID; /* optional; NULL when absent */
} X509AC_ISSUER_SERIAL;
/*
 * Version-2 form of the attribute certificate issuer.
 *
 * The matching ASN.1 template marks all three members optional, so any of
 * them may be NULL after a successful decode; check each pointer before use.
 */
typedef struct X509AC_V2FORM_st {
GENERAL_NAMES *issuer; /* optional issuer name(s) */
X509AC_ISSUER_SERIAL *baseCertID; /* optional, implicit tag [0] */
X509AC_OBJECT_DIGESTINFO *digest; /* optional, implicit tag [1] */
} X509AC_V2FORM;
/*
 * Attribute certificate issuer, an ASN.1 CHOICE between two forms.
 *
 * `type` is the selector maintained by OpenSSL's CHOICE template code; it
 * says which union member is valid. With the template order used in the
 * accompanying .c file this should be 0 for v1Form and 1 for v2Form
 * (NOTE(review): confirm against the OpenSSL version in use). Always test
 * `type` before reading `d`: reading the wrong member reinterprets a pointer
 * to a different structure.
 */
typedef struct X509AC_ISSUER_st {
int type;
union {
GENERAL_NAMES *v1Form; /* untagged GeneralNames alternative */
X509AC_V2FORM *v2Form; /* alternative carried under implicit tag [0] */
} d;
} X509AC_ISSUER;
/*
 * Identifies the holder of the attribute certificate.
 *
 * All three members are optional in the matching ASN.1 template, so a
 * decoded holder can have any combination of them set, including none.
 * Code that binds the attributes to a subject must check each pointer for
 * NULL and decide explicitly what to do when the expected form is missing.
 */
typedef struct X509AC_HOLDER_st {
X509AC_ISSUER_SERIAL *baseCertID; /* optional, implicit tag [0] */
GENERAL_NAMES *entity; /* optional, implicit tag [1] */
X509AC_OBJECT_DIGESTINFO *objectDigestInfo; /* optional, implicit tag [2] */
} X509AC_HOLDER;
/*
 * Validity period of the attribute certificate. Both bounds are mandatory
 * GeneralizedTime values in the matching ASN.1 template. Decoding does not
 * compare them with the current time; that is left to the verifier.
 */
typedef struct X509AC_VAL_st {
ASN1_GENERALIZEDTIME *notBefore; /* start of the validity period */
ASN1_GENERALIZEDTIME *notAfter; /* end of the validity period */
} X509AC_VAL;
/*
 * The to-be-signed body of an attribute certificate.
 *
 * Member order matches the order of the fields in the ASN.1 template in the
 * accompanying .c file. `issuerUniqueID` and `extensions` are optional there
 * and may be NULL after decoding; the other members are mandatory.
 */
typedef struct X509AC_INFO_st {
ASN1_INTEGER *version; /* certificate version number */
X509AC_HOLDER *holder; /* who the attributes are bound to */
X509AC_ISSUER *issuer; /* who issued the certificate (CHOICE) */
X509_ALGOR *algor; /* signature algorithm, as stated inside the signed body */
ASN1_INTEGER *serial; /* serial number of this attribute certificate */
X509AC_VAL *validity; /* notBefore / notAfter */
STACK_OF(X509_ATTRIBUTE) *attributes; /* the attributes themselves */
//X509_ATTRIBUTE *attributes;
ASN1_BIT_STRING *issuerUniqueID; /* optional; NULL when absent */
STACK_OF(X509_EXTENSION) *extensions; /* optional; NULL when absent */
} X509AC_INFO;
/*
 * A complete attribute certificate: the signed body, the signature algorithm
 * and the signature value.
 *
 * Nothing in this header checks `signature` against `info`. A successfully
 * decoded X509AC is unauthenticated data until a verifier has validated the
 * signature and the issuer.
 */
typedef struct X509AC_st {
X509AC_INFO *info; /* to-be-signed body */
X509_ALGOR *algor; /* signature algorithm (outer copy) */
ASN1_BIT_STRING *signature; /* signature value */
} X509AC;
/* added by markus lorch */
/*
 * Public declarations for the types implemented in the accompanying .c file.
 * DECLARE_ASN1_FUNCTIONS(T) declares T_new(), T_free(), d2i_T() and i2d_T().
 *
 * X509AC_VAL and X509AC_OBJECT_DIGESTINFO are not declared here, and the
 * .c file implements no standalone functions for them; they are only reached
 * through the enclosing structures. The *_dup() functions generated in the
 * .c file have no prototype in this header either.
 */
DECLARE_ASN1_ITEM(X509AC)
DECLARE_ASN1_FUNCTIONS(X509AC)
DECLARE_ASN1_ITEM(X509AC_INFO)
DECLARE_ASN1_FUNCTIONS(X509AC_INFO)
DECLARE_ASN1_ITEM(X509AC_ISSUER_SERIAL)
DECLARE_ASN1_FUNCTIONS(X509AC_ISSUER_SERIAL)
DECLARE_ASN1_ITEM(X509AC_ISSUER)
DECLARE_ASN1_FUNCTIONS(X509AC_ISSUER)
DECLARE_ASN1_ITEM(X509AC_HOLDER)
DECLARE_ASN1_FUNCTIONS(X509AC_HOLDER)
DECLARE_ASN1_ITEM(X509AC_V2FORM)
DECLARE_ASN1_FUNCTIONS(X509AC_V2FORM)
#ifdef __cplusplus
}
#endif
#endif/* Written by Dr Stephen N Henson ([EMAIL PROTECTED]) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* ([EMAIL PROTECTED]). This product includes software written by Tim
* Hudson ([EMAIL PROTECTED]).
*
*/
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/asn1t.h>
#include "x509ac.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* Prototype attribute certificate code */
/* WARNING WARNING WARNING: this module is highly experimental and subject
* to change. Use entirely at your own risk.
*/
/* ASN1 module */
/*
 * X509AC_OBJECT_DIGESTINFO ::= SEQUENCE of a mandatory ENUMERATED type, an
 * optional OBJECT IDENTIFIER, a mandatory algorithm identifier and a
 * mandatory BIT STRING digest. The layout appears to follow ObjectDigestInfo
 * in the RFC 3281 attribute certificate profile; confirm against the RFC.
 *
 * The order of the entries is the order of the fields on the wire.
 */
ASN1_SEQUENCE(X509AC_OBJECT_DIGESTINFO) = {
ASN1_SIMPLE(X509AC_OBJECT_DIGESTINFO, type, ASN1_ENUMERATED),
ASN1_OPT(X509AC_OBJECT_DIGESTINFO, othertype, ASN1_OBJECT),
ASN1_SIMPLE(X509AC_OBJECT_DIGESTINFO, algor, X509_ALGOR),
ASN1_SIMPLE(X509AC_OBJECT_DIGESTINFO, digest, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(X509AC_OBJECT_DIGESTINFO)
/*
 * X509AC_ISSUER_SERIAL ::= SEQUENCE of a mandatory SEQUENCE OF GeneralName
 * (the issuer), a mandatory INTEGER serial and an optional BIT STRING unique
 * identifier.
 */
ASN1_SEQUENCE(X509AC_ISSUER_SERIAL) = {
ASN1_SEQUENCE_OF(X509AC_ISSUER_SERIAL, issuer, GENERAL_NAME),
ASN1_SIMPLE(X509AC_ISSUER_SERIAL, serial, ASN1_INTEGER),
ASN1_OPT(X509AC_ISSUER_SERIAL, issuerUniqueID, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(X509AC_ISSUER_SERIAL)
/*
 * X509AC_V2FORM ::= SEQUENCE of three optional members: an untagged
 * SEQUENCE OF GeneralName, an IssuerSerial under implicit tag [0] and an
 * ObjectDigestInfo under implicit tag [1].
 *
 * Because every member is optional, an empty SEQUENCE decodes successfully
 * and leaves all three pointers NULL.
 */
ASN1_SEQUENCE(X509AC_V2FORM) = {
ASN1_SEQUENCE_OF_OPT(X509AC_V2FORM, issuer, GENERAL_NAME),
ASN1_IMP_OPT(X509AC_V2FORM, baseCertID, X509AC_ISSUER_SERIAL, 0),
ASN1_IMP_OPT(X509AC_V2FORM, digest, X509AC_OBJECT_DIGESTINFO, 1)
} ASN1_SEQUENCE_END(X509AC_V2FORM)
/*
 * X509AC_ISSUER ::= CHOICE between an untagged SEQUENCE OF GeneralName
 * (v1Form) and a V2Form under implicit tag [0].
 *
 * The decoder records which alternative was present in the structure's
 * `type` member; consumers must read that selector before touching the
 * union.
 */
ASN1_CHOICE(X509AC_ISSUER) = {
ASN1_SEQUENCE_OF(X509AC_ISSUER, d.v1Form, GENERAL_NAME),
ASN1_IMP(X509AC_ISSUER, d.v2Form, X509AC_V2FORM, 0)
} ASN1_CHOICE_END(X509AC_ISSUER)
/*
 * X509AC_HOLDER ::= SEQUENCE of three optional, implicitly tagged members:
 * [0] IssuerSerial, [1] SEQUENCE OF GeneralName, [2] ObjectDigestInfo.
 *
 * Since all members are optional, a holder with none of them set decodes
 * without error; code that relies on the holder identity has to reject that
 * case itself.
 */
ASN1_SEQUENCE(X509AC_HOLDER) = {
// ASN1_IMP_OPT(X509AC_HOLDER, baseCertID, X509AC_ISSUER_SERIAL, 0),
ASN1_IMP_OPT(X509AC_HOLDER, baseCertID, X509AC_ISSUER_SERIAL, 0),
ASN1_IMP_SEQUENCE_OF_OPT(X509AC_HOLDER, entity, GENERAL_NAME, 1),
ASN1_IMP_OPT(X509AC_HOLDER, objectDigestInfo, X509AC_OBJECT_DIGESTINFO,
2)
} ASN1_SEQUENCE_END(X509AC_HOLDER)
/*
 * X509AC_VAL ::= SEQUENCE of two mandatory GeneralizedTime values. The
 * template only decodes them; no ordering or expiry check happens here.
 */
ASN1_SEQUENCE(X509AC_VAL) = {
ASN1_SIMPLE(X509AC_VAL, notBefore, ASN1_GENERALIZEDTIME),
ASN1_SIMPLE(X509AC_VAL, notAfter, ASN1_GENERALIZEDTIME)
} ASN1_SEQUENCE_END(X509AC_VAL)
/*
 * X509AC_INFO ::= the to-be-signed body of the attribute certificate.
 *
 * `version` and `attributes` are mandatory here; the commented-out lines are
 * earlier variants that made them optional. An encoding that omits either
 * field is therefore rejected by this template.
 *
 * `issuerUniqueID` and `extensions` are optional. Extensions are decoded into
 * the stack but not interpreted by this module, so handling of critical
 * extensions is left to whatever code verifies the certificate.
 */
ASN1_SEQUENCE(X509AC_INFO) = {
// ASN1_OPT(X509AC_INFO, version, ASN1_INTEGER),
ASN1_SIMPLE(X509AC_INFO, version, ASN1_INTEGER),
ASN1_SIMPLE(X509AC_INFO, holder, X509AC_HOLDER),
ASN1_SIMPLE(X509AC_INFO, issuer, X509AC_ISSUER),
ASN1_SIMPLE(X509AC_INFO, algor, X509_ALGOR),
ASN1_SIMPLE(X509AC_INFO, serial, ASN1_INTEGER),
ASN1_SIMPLE(X509AC_INFO, validity, X509AC_VAL),
// ASN1_SEQUENCE_OF_OPT(X509AC_INFO, attributes, X509_ATTRIBUTE),
ASN1_SEQUENCE_OF(X509AC_INFO, attributes, X509_ATTRIBUTE),
ASN1_OPT(X509AC_INFO, issuerUniqueID, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF_OPT(X509AC_INFO, extensions, X509_EXTENSION)
} ASN1_SEQUENCE_END(X509AC_INFO)
/*
 * X509AC ::= SEQUENCE of the signed body, the signature algorithm and the
 * BIT STRING signature. Decoding through this template performs no
 * cryptographic check; the signature is stored as-is.
 */
ASN1_SEQUENCE(X509AC) = {
ASN1_SIMPLE(X509AC, info, X509AC_INFO),
ASN1_SIMPLE(X509AC, algor, X509_ALGOR),
ASN1_SIMPLE(X509AC, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(X509AC)
/*
 * Generate the public helpers for each type from its template:
 * IMPLEMENT_ASN1_FUNCTIONS(T) defines T_new(), T_free(), d2i_T() and i2d_T().
 *
 * X509AC_OBJECT_DIGESTINFO and X509AC_VAL get no standalone functions; they
 * are allocated, decoded and freed only as members of the enclosing types.
 */
IMPLEMENT_ASN1_FUNCTIONS(X509AC_ISSUER_SERIAL)
IMPLEMENT_ASN1_FUNCTIONS(X509AC_V2FORM)
IMPLEMENT_ASN1_FUNCTIONS(X509AC_HOLDER)
IMPLEMENT_ASN1_FUNCTIONS(X509AC_ISSUER)
IMPLEMENT_ASN1_FUNCTIONS(X509AC_INFO)
IMPLEMENT_ASN1_FUNCTIONS(X509AC)
/*
 * IMPLEMENT_ASN1_DUP_FUNCTION(T) defines T_dup(), a deep copy of a T.
 * NOTE(review): x509ac.h as shown declares no prototypes for these, so
 * callers need their own declarations.
 */
IMPLEMENT_ASN1_DUP_FUNCTION(X509AC_ISSUER_SERIAL)
IMPLEMENT_ASN1_DUP_FUNCTION(X509AC_V2FORM)
IMPLEMENT_ASN1_DUP_FUNCTION(X509AC_HOLDER)
IMPLEMENT_ASN1_DUP_FUNCTION(X509AC_ISSUER)
IMPLEMENT_ASN1_DUP_FUNCTION(X509AC_INFO)
IMPLEMENT_ASN1_DUP_FUNCTION(X509AC)
#ifdef __cplusplus
}
#endif
#ifdef TEST
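/*
 * Test driver, built only when TEST is defined: decode one DER-encoded
 * attribute certificate from stdin and report the result on stderr.
 *
 * Returns 0 when the input decoded, 1 otherwise. Decoding checks only the
 * ASN.1 structure; the signature, issuer and validity period of the
 * certificate are not verified here.
 */
int main()
{
    BIO *in;
    X509AC *ac;
    int ret = 1;

    ERR_load_crypto_strings();

    in = BIO_new_fp(stdin, BIO_NOCLOSE);
    if (in == NULL) {
        /* Without a BIO there is nothing to decode from. */
        ERR_print_errors_fp(stderr);
        return ret;
    }

    ac = ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509AC), in, NULL);

    /*
     * Print the pointer with %p and a void * cast: passing a pointer for
     * %lx is undefined behaviour and truncates on platforms where long is
     * narrower than a pointer.
     */
    fprintf(stderr, "AC is %p\n", (void *)ac);
    ERR_print_errors_fp(stderr);

    if (ac != NULL)
        ret = 0;

    /* Release what was allocated; both calls accept NULL. */
    X509AC_free(ac);
    BIO_free(in);
    return ret;
}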
#endif
#ifndef X509AC_SUPP
#define X509AC_SUPP
#include <openssl/x509.h>
#include "x509ac.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* defines for debugging and error reporting */
/* presumably the buffer length for one-line name output; confirm in X509AC-supp.c */
#define ONELINELEN 128
/*
 * Error reporter taking the source file, line number and a message. Its
 * implementation is not part of this header, so whether it returns or
 * terminates the process cannot be told from here.
 */
void handle_error (const char *file, int lineno, const char *msg);
/* Convenience wrapper that supplies the current file and line to handle_error(). */
#define int_error(msg) handle_error(__FILE__, __LINE__, msg)
/* should be in pem/pem.h */
#define PEM_STRING_X509AC "ATTRIBUTE CERTIFICATE"
#define PEM_read_X509AC(fp,x,cb,u) (X509AC *)PEM_ASN1_read( \
(char *(*)())d2i_X509AC,PEM_STRING_X509AC,fp,(char **)x,cb,u)
/* functions in X509AC-supp.c */
/*
 * The implementations are not shown with this header, so the notes below are
 * limited to what the prototypes establish.
 *
 * X509AC_get_issuer_name / X509AC_get_holder_name return an X509_NAME * for
 * the given certificate. NOTE(review): whether the result can be NULL (the
 * holder and v2Form issuer fields are all optional in the ASN.1 templates)
 * and who owns the returned name must be confirmed in X509AC-supp.c.
 */
X509_NAME *X509AC_get_issuer_name(X509AC *a);
X509_NAME *X509AC_get_holder_name(X509AC *a);
/*
 * Verify `ac` in the context of `verify_ctx`. NOTE(review): the return-value
 * convention and the exact checks performed (signature, validity period,
 * issuer chain, critical extensions) are not visible here; confirm them
 * before using the result for an authorization decision.
 */
int X509AC_verify_cert(X509_STORE_CTX * verify_ctx, X509AC * ac);
/* Print the attribute certificate; the output destination is not visible from this header. */
void X509AC_print(X509AC *ac);
#ifdef __cplusplus
}
#endif
#endif